undefined | Better HN

0 pointsrrdharan7y ago0 comments

Same. I recently purchased an upgrade and consider it well worth the price, although I'm considering switching to the subscription model / family plan to make it easier to support my parents and in-laws. However my main concern is that you can't disable browser access when using ay of the subscription plans:

https://discussions.agilebits.com/discussion/80105/cant-disa...

0 comments

eridius7y ago

I'm confused as to what the security issue is here.

> Limiting the access of unencrypted passwords to only properly setup 1PW applications would seem to eliminate the possible (probable?) web based attack vector to a 1password.com account.

This doesn't make sense. What's a "properly setup 1PW application"? Presumably that's an instance of 1Password that has been given both the master password and account key for the account. But when you use the web-based portal, you have to give it, yep, the master password and account key.

Anyone who is able to access the passwords using the web portal can already set up a local instance of the 1PW application that syncs with the same account.

Ultimately, asking to "disable browser access" is basically the same thing as asking to "disable the syncing API", which would obviously defeat the entire point of having the family account.

rrdharanOP7y ago

Right - I don't want 1Password to handle syncing and I don't want Dropbox handling / offering decryption of the encrypted store.

I trust the local 1Password apps enough to supply them my master password to unlock vaults locally.

I trust Dropbox enough to not sync the encrypted store somewhere I don't want it ending up.

It's a separation of concerns argument. I likely won't hold up to any targeted attack on my personal property given how careless I am with local devices but I should be somewhat protected against a your typical dragnet / mass attack against either service remotely.

clairity7y ago

yup, i don't use 1password.com because of those security concerns.

not sure if it would work for your situation, but it's possible to set up different vaults for different groups of people and share them via separate dropbox folders (or even just different share settings on the vault files). i have 5 vaults set up that way.

j / k navigate · click thread line to collapse